[Samba] GPO issues - getting SYSVOL cleaned up again

L.P.H. van Belle belle at bazuin.nl
Wed Jul 31 12:48:09 UTC 2019 

?? And we did compair this months ago.. 
You did say, everything is in sync now. 
Ahhh...   ;-) 

If you really want to know if you DC's are setup the same. 
Tip..  Copy /etc of both server into a new folder. 
And runn diff -r /etc-dc1/ /etc-dc2/  > check-me.txt
And check-me.txt 

I just did that on my brand new Buster proxy servers, 2 with keepalived. 
I'm almost done with this, you should only see hostname IP's as differences... 
Virtual ips, firewalling, added winbind, nfs, strongswan, kerberos SSO auths. 
Squid with 4 setups.. Pfew.. But guys, when done im posting this howto also. 
With squid 4.8 on buster, ( hint : repo buster-squid48 ssl enabled ) 
What a dragon this was, strongswan is last what im on now. 
If someone has a strongswan setup with user/ldap auth, pm me your config ;-) 


Ok, what you posted below. 

pre01svdeb03 : apt-get remove --purge --auroremove resolvconf 
Old dc:  pre01svdeb02 : apt-get remove --purge --auroremove resolvconf 

Make these changes/verify them after the remove of resolvconf

pre01svdeb03 
/etc/resolv.conf
search pilsbacher.at
nameserver 192.168.16.206
nameserver 192.168.16.205

pre01svdeb02
/etc/resolv.conf
search pilsbacher.at
nameserver 192.168.16.206
nameserver 192.168.16.205

^^ yes note that "NOT switching" the DC's. 
If want here the other DC first untill its all ok local on this server. 

Reboot pre01svdeb02 
Backup your logs on this server and clear them. 

Yes, reboot! That clear cachings also, just to be sure. 

After boot, login, wait ... Wait ... 

klist -ke /var/lib/samba/private/secrets.keytab
Verify the hostname

Verify /var/lib/samba/private/dns_update_cache
Does it show the correct hostname. 

Is it correct now ? 
Yes => run  samba-tool dbcheck --cross-nc 

No errors?   ( ignore tombstone objects ) 
samba_dnsupdate --verbose 

And if ok, now switch's DC's again in /etc/resolv.conf

search pilsbacher.at 
nameserver 192.168.16.205
nameserver 192.168.16.206

And reboot once more, check logs again. 

Greetz, 

Louis




> -----Oorspronkelijk bericht-----
> Van: Stefan G. Weichinger [mailto:lists at xunil.at] 
> Verzonden: woensdag 31 juli 2019 14:24
> Aan: L.P.H. van Belle
> Onderwerp: Re: [Samba] GPO issues - getting SYSVOL cleaned up again
> 
> Am 31.07.19 um 14:17 schrieb L.P.H. van Belle:
> > Can you post me the output also on of DC2 of that 
> samba_dnsupdate --verbose 
> 
> observation:
> 
> resolv.conf differs:
> 
> 
> 
> root at pre01svdeb03:~# cat /etc/resolv.conf
> # Dynamic resolv.conf(5) file for glibc resolver(3) generated by
> resolvconf(8)
> #     DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE 
> OVERWRITTEN
> nameserver 192.168.16.206
> nameserver 192.168.16.205
> search pilsbacher.at
> 
> root at pre01svdeb02:~# cat /etc/resolv.conf
> # Dynamic resolv.conf(5) file for glibc resolver(3) generated by
> resolvconf(8)
> #     DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE 
> OVERWRITTEN
> nameserver 192.168.16.205
> search pilsbacher.at
> 
> so DC2=deb03 asks both DNS
> 
> DC1=deb02 only itself
> 
>

More information about the samba mailing list